Monthly Archives: August 2017

Sophos UTM 9.503-3 released

Martin 24/08/2017

Sophos has released 9.503-3 today. You can download it here: ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.502004-503003.tgz.gpg

Release notes:

Up2Date 9.503003 package description:

Remarks:
  System will be rebooted
  Configuration will be upgraded
  Connected REDs will perform firmware upgrade
  Connected Wifi APs will perform firmware upgrade

News:
  Maintenance Release

Bugfixes:
  Fix [NUTM-7891]: [AWS] awslogsd.log is beeing flooded with logmessages
  Fix [NUTM-3196]: [Access & Identity] Overlapping backend user prefetches may not be executed
  Fix [NUTM-7943]: [Basesystem] Ntpd permanently restarting on slave node
  Fix…


Sophos UTM: TCP/UDP Ports used by Sophos RED

Martin 09/08/2017

When you have the UTM behind another firewall and want to use the RED technology, you will have to NAT the following ports through the perimeter firewall:

Note: it has been seen several times that some ISPs block UDP 3410 traffic because it triggers their Intrusion Prevention Systems. Be aware of that, and if things are not working in the beginning, contact your ISP.


Sophos UTM: How to bypass individual WAF rules

Martin 09/08/2017

How to fix a false positive

On Sophos UTM, mod_security can detect a far greater number of attacks, but it also produces a larger number of false positives. If your website is experiencing a lot of false positives, the best way to resolve them is to disable the specific rule IDs that are being detected. To determine the rule IDs that are being matched, you’ll need to check the Web Application Firewall log while browsing to…


Sophos UTM: Data disk filling up – due to coredumps

Martin 07/08/2017

Sometimes Sophos releases updates or patterns that corrupt a function in the UTM and make that function crash. Every time, a core dump is generated, and that fills up the data disk. If that happens, you eventually see a notification land in your mailbox saying:

Data Disk is filling up – please check. Current usage: 82%

When logging into webadmin, you may see this: Clearly the data disk is getting full! To fix this,…
